Australia central bank says no information lost in cyber attacks

SYDNEY (Reuters) - Australia's central bank confirmed on Monday it had been targeted by cyber attacks and that no data had been lost or systems compromised, but would not comment on a media report that a malware virus used in one attack was Chinese in origin.

The Reserve Bank of Australia (RBA) was responding to a report in the Australian Financial Review newspaper that claimed the central bank had been repeatedly and successfully hacked and information stolen.

"As reported in today's media, the Bank has on occasion been the target of cyber attacks," the RBA said in a statement.

"The Bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the Bank's network or systems," the central bank said.

"At no point have these attacks caused the Bank's data or information to be lost or its systems to be corrupted."

Hacking attacks on governments and corporations have become routine, with suspicion falling on China as the source of much of the activity. Beijing has repeatedly denied accusations it is behind the attacks, saying it too is a victim of hacking, particularly from the United States.

The RBA said it routinely consulted with the Defence Signals Directorate, Australia's intelligence agency, to ensure the security of its systems.

Reports released under the Freedom of Information Act showed Australia's central bank was the subject of a malicious email attack on November 16 and 17, 2011, using a virus that was undetectable by the bank's anti-virus software.

An email titled "Strategic Planning FY2012" was sent to several RBA staff up to department heads and was opened by six of them, potentially compromising their workstations. The email purported to come from a senior staff member at the bank and came from a "possibly legitimate" external account.

The emails contained a compressed zip file with an executable malware application, although the Bank would not identify the virus used.

All of the six workstations affected did not have local administrator rights, which prevented the virus from spreading. The servers were considered comprised and removed from the network on November 17.

"The email had managed to bypass the existing security controls in place for malicious emails by being well written, targeted to specific bank staff and utilized an embedded hyperlink to the virus payload which differs from the usual attack whereby the virus is attached directly to the email," according the RBA's report of the incident.

"Bank assets could have been potentially compromised, leading to service disruption, information loss and reputation," the report noted.

The RBA took the issue up with the providers of its anti-virus software to update its defenses, including scanning for hyperlinks in emails and automatically blocking them.

As well as the attempted hacking, the RBA documents also listed a range of potentially embarrassing incidents from lost laptops and Blackberrys, to sensitive documents emailed by mistake.

In one incident, a folder containing confidential information was left on the rear of an office car by a distracted staff member. On driving off, the staff were advised by a passing motorist that papers had scattered across the road.

Most of the papers were recovered after an hour of searching, although some were thought lost in a stormwater drain, "resulting in moderate reputational risk to the Bank", the reports showed.